Cisco Systems OL-6426-02 Benutzerhandbuch
B E TA D R A F T - C I S C O C O N F I D E N T I A L
7-3
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
Configure a VPN
Configure a VPN
Perform the following tasks to configure a VPN over an IPSec tunnel:
•
•
•
•
•
•
Configure the IKE Policy
Perform these steps to configure the Internet Key Exchange (IKE) policy, beginning in global
configuration mode:
configuration mode:
Command or Action
Purpose
Step 1
crypto isakmp policy priority
Example:
Router(config)# crypto isakmp policy 1
Router(config-isakmp)#
Creates an IKE policy that is used during IKE
negotiation. The priority is a number from 1 to
10000, with 1 being the highest.
negotiation. The priority is a number from 1 to
10000, with 1 being the highest.
Also enters Internet Security Association Key and
Management Protocol (ISAKMP) policy
configuration mode.
Management Protocol (ISAKMP) policy
configuration mode.
Step 2
encryption {des | 3des | aes | aes 192 | aes 256}
Example:
Router(config-isakmp)# encryption 3des
Router(config-isakmp)#
Specifies the encryption algorithm used in the IKE
policy.
policy.
The example uses 168-bit Data Encryption
Standard (DES).
Standard (DES).
Step 3
hash {md5 | sha}
Example:
Router(config-isakmp)# hash md5
Router(config-isakmp)#
Specifies the hash algorithm used in the IKE
policy.
policy.
The example specifies the Message Digest 5
(MD5) algorithm. The default is Secure Hash
standard (SHA-1).
(MD5) algorithm. The default is Secure Hash
standard (SHA-1).
Step 4
authentication {rsa-sig | rsa-encr | pre-share}
Example:
Router(config-isakmp)# authentication
pre-share
Router(config-isakmp)#
Specifies the authentication method used in the
IKE policy.
IKE policy.
The example uses a pre-shared key.